Thousands of secrets such as PyPI and AWS keys, GitHub tokens, and more, were stolen recently during a supply-chain attack against GitHub, dubbed ‘GhostAction’. The attack was spotted by security ...

Cybercriminals are impersonating popular software like LastPass and Malwarebytes on GitHub, using poisoned search results and sponsored ads to trick Mac users into installing infostealers.

Gartner's new Magic Quadrant for AI Code Assistants report shows GitHub Copilot leading the market while forecasting ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated ...

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y ...

In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...

In its latest report, Microsoft Threat Intelligence claims to have seen an upgraded XCSSET macOS backdoor being used in ...

Cybercriminals are using fake GitHub repositories to distribute Atomic Stealer malware disguised as trusted macOS apps like ...

Cybercriminals are stepping up their attacks on Mac users, using fake GitHub repositories to spread malware disguised as ...

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single ...

GitHub Copilot, an AI coding tool offered by Microsoft-owned GitHub, has now reached more than 20 million users, Microsoft CEO Satya Nadella said on the company’s earnings call Wednesday. A GitHub ...

GitHub CEO Thomas Dohmke announced on Monday that he’s stepping down from his role. Dohmke will remain at the Microsoft-owned company until the end of the year, after which he will depart to become “a ...